admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-07 08:00:33 +00:00
parent 1a7a7c825c
commit 37beac8bf9
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
3 changed files with 292 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
2024/45xxx/CVE-2024-45034.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Airflow versions before 2.10.1 have a vulnerability that allows\u00a0DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.10.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/airflow/pull/41672",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/41672"
},
{
"url": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Seokchan Yoon: https://github.com/ch4n3-yoon"
},
{
"lang": "en",
"value": "Amogh Desai"
}
]
}

77
2024/45xxx/CVE-2024-45498.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 \u00a0for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116 Improper Encoding or Escaping of Output",
"cweId": "CWE-116"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/airflow/pull/41873",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/41873"
},
{
"url": "https://lists.apache.org/thread/tl7lzczcqdmqj2pcpbvtjdpd2tb9561n",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/tl7lzczcqdmqj2pcpbvtjdpd2tb9561n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Nhien Pham (aka nhienit) at Galaxy One"
},
{
"lang": "en",
"value": "Amogh Desai"
}
]
}

151
2024/8xxx/CVE-2024-8521.json
View File

@ -1,17 +1,160 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Wavelog bis 1.8.0 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion index der Datei /qso der Komponente Live QSO. Durch Beeinflussen des Arguments manual mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.8.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b31002cec6b71ab5f738881806bb546430ec692e bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Wavelog",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_value": "1.5"
},
{
"version_affected": "=",
"version_value": "1.6"
},
{
"version_affected": "=",
"version_value": "1.7"
},
{
"version_affected": "=",
"version_value": "1.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.276726",
"refsource": "MISC",
"name": "https://vuldb.com/?id.276726"
},
{
"url": "https://vuldb.com/?ctiid.276726",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.276726"
},
{
"url": "https://vuldb.com/?submit.399819",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.399819"
},
{
"url": "https://github.com/wavelog/wavelog/pull/744",
"refsource": "MISC",
"name": "https://github.com/wavelog/wavelog/pull/744"
},
{
"url": "https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521",
"refsource": "MISC",
"name": "https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521"
},
{
"url": "https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e",
"refsource": "MISC",
"name": "https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e"
},
{
"url": "https://github.com/wavelog/wavelog/releases/tag/1.8.1",
"refsource": "MISC",
"name": "https://github.com/wavelog/wavelog/releases/tag/1.8.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Piglet (VulDB User)"
},
{
"lang": "en",
"value": "Piglet (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}